Traditionally, username and password combinations have been used to authenticate a user logging into a secure system such as a website. This technique is fraught with problems. For example, this authentication technique relies on a user having to remember their password. Sometimes systems place certain constraints on passwords in an effort to make the system more secure (e.g. requiring a certain number of characters, certain types of characters, etc.) and, while such constraints may be helpful to make the system more secure, they may also make the created password more difficult for a user to remember.
Password-based authentication is also susceptible to attack. For example, keylogging software may be installed on a device by a hacker or fraudster and may be used to secretly monitor keystrokes, including passwords. Since passwords are often sent from one computer to another (e.g. from the computer that a user is typing the password on to a computer which receives the password to authenticate the user), passwords are also susceptible to a sniffing attack (e.g. capture and analysis of packets of data flowing over a network). For example, packet sniffing software may be used by a fraudster connected to a user's Wi-Fi network to capture passwords sent by the user over the network.
Passwords are also susceptible to an attack directed at the secure system itself. For example, a brute-force attack consists of an automated hacker program constantly attempting logins using a single username and millions of password combinations. There are numerous examples in recent history where a hacker has gained access to a secure system through vulnerabilities such as newly discovered weaknesses in security applications (such as OpenSSL), causing the secure system to request that users change their passwords.
Accordingly, there is a need for improved methods of authenticating a login of a user.
Like reference numerals are used in the drawings to denote like elements and features.